One-time authentication tokens produce unpredictable one-time passcodes (OTP) typically by extracting pseudorandomness from a secret seed, that is stored at the token and shared with the authentication server. To protect against server-side leakage of the underlying seed, tokens may employ split-server verification protocols (see, e.g., U.S. Pat. No. 7,725,730). In a split-server verification protocol, the underlying authentication secret is split into at least two partial secrets, each one kept by a distinct verification server, so that authentication of a user is performed at these servers in a distributed manner so that certain attacks against of one or more servers can be tolerated.
A number of such split-server OTP verification protocols have been proposed. See, for example, U.S. patent application Ser. No. 13/404,737, entitled “Method and Apparatus for Authenticating a User Using Multi-Server One-Time Passcode Verification,” (now U.S. Pat. No. 9,118,661); U.S. patent application Ser. No. 13/795,801, entitled “Distributed Cryptography Using Distinct Value Sets Each Comprising At Least One Obscured Secret Value;” and U.S. patent application Ser. No. 14/144,707, entitled “Multi-Server One-Time Passcode Verification of Respective High Order and Low Order Passcode Portions.”
Nonetheless, a need remains for an end-to-end server-side architecture for an OTP authentication system that simultaneously employ split-server verification and one or more of Silent Alarms (See, for example, U.S. patent application Ser. No. 13/404,788, entitled “Methods and Apparatus for Silent Alarm Channels Using One-Time Passcode Authentication Tokens”) and Drifting Keys (See, for example, U.S. patent application Ser. No. 13/250,225, entitled “Key Update With Compromise Detection”).